BestHub
Sign in
Operations 15 min read

Master Linux Network Namespaces: From Creation to Inter‑Namespace Communication

This guide walks you through Linux network virtualization fundamentals, explaining how to create and manage Network Namespaces, configure veth pairs and bridges, and enable communication between isolated namespaces using iproute2 commands, complete with practical command examples and troubleshooting tips.

Open Source Linux
Open Source Linux
Open Source Linux
Master Linux Network Namespaces: From Creation to Inter‑Namespace Communication

Background

In Linux virtualization, the three key network technologies are Network Namespace, veth pair and bridge. This article demonstrates them through hands‑on experiments.

ip netns command

The ip tool from the iproute2 package manages network namespaces via the ip netns sub‑command. Use ip netns help for usage.

[root@qll253 ~]# ip netns help
Usage: ip netns list
       ip netns add NAME
       ip netns set NAME NETNSID
       ip [-all] netns delete [NAME]
       ip netns identify [PID]
       ip netns pids NAME
       ip [-all] netns exec [NAME] cmd ...
       ip netns monitor
       ip netns list-id

Creating a Network Namespace

1. Add a namespace named ns0

[root@1ll253 ~]# ip netns add ns0

2. List namespaces

[root@1ll253 ~]# ip netns list
ns0

3. Verify the namespace directory

[root@1ll253 ~]# ls /var/run/netns/
ns0
Note: New namespaces appear under /var/run/netns/ . To manage namespaces created by other tools, create a symlink in this directory.

Operating a Network Namespace

Each namespace has its own interfaces, routing table, ARP table and iptables. Use ip netns exec to run commands inside a namespace.

1. View the loopback interface in ns0

[root@1ll253 ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2. Bring the loopback interface up

[root@1ll253 ~]# ip netns exec ns0 ip link set lo up

3. Verify the interface is up and has an address

[root@1ll253 ~]# ip netns exec ns0 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

4. Open a shell inside ns0

[root@1ll253 ~]# ip netns exec ns0 /bin/bash
[root@1ll253 ~]# ip addr
... (output) ...
[root@1ll253 ~]# exit

Running a plain shell can be confusing because the prompt does not indicate the current namespace. Use a custom prompt:

[root@1ll253 ~]# ip netns exec ns0 /bin/bash --rcfile <(echo "PS1=\"ns0> \"")
ns0>

Communication Between Network Namespaces

By default, namespaces cannot talk to each other or the host. Connect them with a veth pair, which acts like a virtual cable.

1. Create a veth pair

[root@1ll253 ~]# ip link add type veth
[root@1ll253 ~]# ip link
14: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 06:17:62:85:64:fc brd ff:ff:ff:ff:ff:ff
15: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether fe:9a:48:e4:a3:99 brd ff:ff:ff:ff:ff:ff

The two ends are linked; removing one automatically removes the other.

2. Create a second namespace ns1

[root@1ll253 ~]# ip netns add ns1
[root@1ll253 ~]# ip netns list
ns1
ns0

3. Move each veth end into a different namespace

[root@1ll253 ~]# ip link set veth0 netns ns0
[root@1ll253 ~]# ip link set veth1 netns ns1

4. Assign IP addresses and bring the interfaces up

# ns0 side
[root@1ll253 ~]# ip netns exec ns0 ip addr add 192.168.1.1/24 dev veth0
[root@1ll253 ~]# ip netns exec ns0 ip link set veth0 up

# ns1 side
[root@1ll253 ~]# ip netns exec ns1 ip addr add 192.168.1.2/24 dev veth1
[root@1ll253 ~]# ip netns exec ns1 ip link set veth1 up

Ping between the namespaces confirms connectivity.

Bridge

For more than two namespaces, a bridge aggregates multiple interfaces.

1. Create a bridge named docker0 and assign an IP

# ip link add docker0 type bridge
# ip link set dev docker0 up
# ifconfig docker0 172.17.0.1/16

2. Bind each veth end to the bridge and configure the namespaces

# ns0
ip link set dev veth1 netns ns0
ip netns exec ns0 ip link set dev veth1 name eth0
ip netns exec ns0 ip addr add 172.17.0.101/16 dev eth0
ip netns exec ns0 ip link set dev eth0 up
ip link set dev veth0 master docker0
ip link set dev veth0 up

# ns1
ip link set dev veth3 netns ns1
ip netns exec ns1 ip link set dev veth3 name eth0
ip netns exec ns1 ip addr add 172.17.0.102/16 dev eth0
ip netns exec ns1 ip link set dev eth0 up
ip link set dev veth1 master docker0
ip link set dev veth3 up

# ns2 (similar steps for veth5)

3. Test connectivity

# Inside ns0
ip netns exec ns0 ping -c 1 172.17.0.1      # bridge
ip netns exec ns0 ping -c 1 172.17.0.102   # ns1
ip netns exec ns0 ping -c 1 172.17.0.103   # ns2

The pings succeed, demonstrating that the bridge enables communication among multiple namespaces.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

LinuxBridgeNetwork NamespaceVethiproute2
Open Source Linux
Written by

Open Source Linux

Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment